Method and apparatus for operating a rfid system

ABSTRACT

A system for operating a radio frequency identification (RFID) system includes a remotely operable access point at an authentication point. A first trigger sensor detects an RFID signal from an RFID device associated with a user at a first trigger distance from the authentication point. A controller responsive to a signal detected from the RFID device exchanges data with the RFID device and determines whether the RFID device is authorized. A second trigger sensor exchanges data with the RFID device at a second trigger distance closer to the authentication point than the first trigger distance. The controller is responsive to the RFID signal detected at the second trigger sensor to authenticate the RFID device at the authentication point.

BACKGROUND

The present invention relates to operating active radio frequencyidentification (RFID) systems. More particularly, the present inventionrelates to reducing response times in active RFID systems.

Recently, active RFID systems have come into use with devices such assmart phones equipped with Bluetooth or other longer distancetechnologies. While convenient, these methods have limitations. Thefirst is that the long-range capability of these RFID systems (manyfeet) can cause confusion in applications such as close-spaced accesscontrol systems having controlled access barriers such as doors,turnstiles, and the like. Various schemes for operating active RFIDsystems have been adopted, such as requiring a twisting or turningmotion (HID access cards and readers) or a physical tapping of thedevice (Samsung uses this for activation in its near field communication(NFC) protocol) or pressing a button to start the process or startingthe process when the device is at a close distance by measuring thesignal strength using, for example, the RSSI (Receive Signal StrengthIndicator) function in an IEEE 802.11 system. Using the RSSI method asan example, the current practice is to trigger the process at apredetermined signal level which then starts the authentication process.

All of these mechanisms work but all have certain drawbacks. Theprincipal drawback is the delay time for the credential to beauthenticated. In higher security applications, the processing delay canbe several seconds. From the user point of view, this is a major issueas there is no way to tell what is going on and why the gate, door,turnstile or other access point is not operating. This causes problemsat the access control points because the throughput of the access point,such as, for example a turnstile, is expected to be between about 40-60accesses per minute. If a three second delay is introduced into theaccess system by the authentication process, the maximum throughputdrops to less than about 20 per minute. This is a significant problem.

FIG. 1 is a diagram showing an illustrative prior-art system 10 foroperating a controlled access barrier at an access point separating apublic area identified at reference numeral 12 from a controlled accessarea identified at reference numeral 14. The controlled access area 14may take many forms, such as, but not limited to, transit systems,commercial buildings, stadiums and other entertainment venues,government facilities, etc. An access barrier 16, such as a wall, afence, or other barrier separates the public area 12 from the controlledaccess area 14. FIG. 1 shows a plurality of access points 18 a, 18 b,and 18 c, which, for purposes of illustration are depicted asturnstiles. Persons of ordinary skill in the art will readily appreciatethat the access points 18 a, 18 b, and 18 c could be doors, gates, orany other means for accessing the controlled access area. Although FIG.1 arbitrarily depicts a system for controlling three access points, suchskilled persons will appreciate that some applications will require buta single access point while other applications will require the use ofmore than one access point.

A RFID reader 20 a is positioned proximate to access point 18 a.Similarly, RFID readers 20 b and 20 c are positioned proximate to accesspoints 18 b and 18 c, respectively. RFID readers are coupled to acontrol system 22 by communication links collectively identified byreference numeral 24. Persons of ordinary skill in the art willappreciate that communication links 24 could be hardwired or wirelesscommunication links although hardwired communication links may providean enhanced level of security over wireless communication links.

FIG. 1 depicts a RFID device 26 in dashed lines at locations designateda, b, c, and d successively closer to the access point 18 b. The RFIDdevice 26 is shown in solid lines at the location e closest to theaccess point 18 b. As will be appreciated by persons of ordinary skillin the art, the RFID device may take numerous forms, a cellulartelephone being a common such device. The RFID device may be carried bya person or may be, for example, attached to a vehicle.

Across the region including locations a, b, c, and d identified byreference numeral 28, the strength of the RFID signal (represented bycurved lines one of which is identified by reference numeral 30)transmitted by the RFID device 26 is below a threshold set by thecontrol system 22 for establishing a communication link between the RFIDreader 20 b and the RFID device 26 (such as by use of an RSSI protocol).Once the RFID device 26 is located at a position e identified by dashedline 32, it is close enough to the RFID reader 20 b, a communicationlink is established between the RFID reader 20 b and the RFID device 26and data is exchanged between the RFID reader 20 b and the RFID device26. Data identifying the RFID device 26 is received by the RFID reader20 b and is communicated to the control system 22. The control system 22queries an access list 32 to determine whether the RFID device isauthorized to permit entry into the controlled access area 14. If theRFID device is authorized to permit entry into the controlled accessarea 14, the control system 22 sends a control signal to the accesspoint 18 b to enable entry through the access point 18 b.

In many such systems, a communication link is not established betweenthe RFID device 26 and the RFID readers 20 a and 20 c, located furtheraway from the RFID device 26 than RFID reader 20 b. In some systems, thecontroller can use the relative signal strengths of the RFID signal sentby RFID device 26 to determine which one of access points 18 a 18 b, and18 c should be activated.

Referring now to FIG. 2, a diagram shows the operation of anillustrative prior-art system for operating a controlled access barrierat an access point, such as the system depicted in FIG. 1. Numerouselements of the system 10 of FIG. 1 are shown in FIG. 2 and will beidentified using the same reference numerals used to identify thoseelements in FIG. 1.

The RFID device 26 is shown at the top of FIG. 2 approaching the accesspoint 18 b at position a located at a distance from the access point 18b identified at reference numeral 34. At this distance 34 from theaccess point 18 b at a time indicated on an elapsed time scale 36 atreference numeral 38, no communication is established between the RFIDdevice and the RFID sensor 20 b.

At a time indicated at reference numeral 40 at a desired triggerdistance from the access point 18 b identified at reference numeral 32,the RFID device 26 is shown at the approaching the access point 18 b atposition e and an RFID link is established between the RFID device 26and the RFID sensor 20 b. The authentication procedure that is performedin the control system 22 of FIG. 1 begins at this time and is completedat a time indicated at reference numeral 42. At a time indicated atreference numeral 44, the control system 22 of FIG. 1 then sends thecontrol signal to the access point 18 b to enable entry through theaccess point 18 b.

Persons of ordinary skill in the art will appreciate that the time scale36 is shown for purposes of illustration only and is not linear in thatthe actual times 40, 42, and 44 will depend on system sensitivity,latency, and processing throughput. FIG. 2 illustrates that a time delayidentified at reference numeral 46 will exist at the access point 18 bbetween the time that the RFID device 26 is located at position e andcomes into range of the RFID sensor 20 b.

As previously stated, this time delay 46 at the access point 18 b is thenecessary delay time for the credential to be authenticated. In highersecurity applications, this processing delay can be several seconds, andcan be a major issue as there is no way for the user to determine whythe gate, door, turnstile or other access point is not operating. Thistime delay 46 reduces the throughput of the access point. Where theaccess point 18 a is, for example a turnstile, an average throughput isexpected to be between about 40-60 accesses per minute as was previouslynoted. If the time delay at the access point 18 a introduced into theaccess system by the authentication process is three seconds, themaximum throughput at the access point 18 a drops to less than about 20per minute. This is a significant problem.

Persons of ordinary skill in the art will appreciate that there areplaces other than access points where users would use an RFID link forauthentication. One non-limiting example is for elevator dispatching andcontrol (floor choice is an example). An elevator dispatch system orother system may employ a kiosk in a hall to direct people to the properelevator or other location. On upper floors, the access control systemcan be employed to limit which direction a particular person could go.For instance, a person may be allowed access to floor 21, but may not bepermitted to request an up elevator from that floor. Such controls couldbe located either in the foyer of a building, at the main bank ofelevators, or on an individual floor. These are all versions of accesscontrol systems.

Increasing the speed of the authentication process for an existingaccess system may not be an option due to limitations of the computingportion of the security system chosen.

There exists a need for a system and method for operating an RFID systemsuch as a controlled access system that addresses the limitations of theprior art.

BRIEF DESCRIPTION

In accordance with one aspect of the present invention, a method isdescribed which gives an easily implemented apparent reduction in theresponse time of RFID access systems.

According to one aspect of the present invention a method for operatinga controlled access barrier at an access point includes exchanging datawith an RFID device associated with a user in response to a firsttrigger event, determining from data received from the RFID devicewhether to authenticate the user, and exchanging data with the RFIDdevice in response to a second trigger event occurring after the firsttrigger event, and only if the user has been authenticated, operatingthe controlled access barrier to grant access to the user at the accesspoint after exchanging data with the RFID device in response to thesecond trigger event.

The method may include releasing a latch mechanism in the controlledaccess barrier. The controlled access barrier may take many forms. Anon-exhaustive list of these forms includes a latch mechanism of aturnstile, a latch mechanism of a gate or door.

According to one aspect of the invention, the first trigger event isexchanging data with the RFID device at a first received signal strengththreshold from the RFID device, and the second trigger event isexchanging data with an RFID device at a second received signal strengththreshold from the RFID device greater than the first received signalstrength threshold.

In some embodiments of the invention, the device is worn by or carriedby the user. In such embodiments the first trigger event is sensing thepresence of the user at a first distance from the access point, and thesecond trigger event is sensing the presence of the user at a seconddistance from the access point closer to the access point than the firstdistance. Sensing the presence of the user may include one of sensing atleast one user action, interruption of a light beam, sensing pressure ona pressure pad on which the user has made contact, and sensing thepresence of the user by one of transmission and reflection of energyfrom the user.

In accordance with another aspect of the invention, a method foroperating one of a plurality of controlled access barriers at an accesspoint includes exchanging data with an RFID device associated with auser in response to a first trigger event, determining from the detectedRFID signal whether to authenticate the user, and exchanging data withthe RFID device near at least one of the controlled access barriers inresponse to a second trigger event occurring after the first triggerevent. Only if the user has been authenticated, the one of the at leastone controlled access barriers from which a detected RFID signal fromthe device is the strongest is operated to grant access to the user atthe access point in response to the second trigger event.

BRIEF DESCRIPTION OF THE DRAWING FIGURES

The invention will be explained in more detail in the following withreference to embodiments and to the drawing in which are shown:

FIG. 1 is a diagram showing an illustrative prior-art system foroperating a controlled access barrier at an access point;

FIG. 2 is a diagram showing timing considerations for the operation ofan illustrative prior-art system for operating a controlled accessbarrier at an access point, such as the system depicted in FIG. 1;

FIG. 3 is a diagram showing an illustrative system for operating acontrolled access barrier at an access point in accordance with thepresent invention;

FIG. 4 is a diagram showing timing considerations for the operation ofan illustrative prior-art system for operating a controlled accessbarrier at an access point, such as the system depicted in FIG. 3;

FIG. 5 is a diagram showing an illustrative system for operating an RFIDsystem in accordance with the present invention;

FIG. 6 is flow diagram illustrating a method in accordance with anaspect of the invention;

FIG. 7 is a flow diagram illustrating a method in accordance with anaspect of the invention; and

FIG. 8 is a flow diagram illustrating a method in accordance with anaspect of the invention.

DETAILED DESCRIPTION

Persons of ordinary skill in the art will realize that the followingdescription of the present invention is illustrative only and not in anyway limiting. Other embodiments of the invention will readily suggestthemselves to such skilled persons.

The various disclosed embodiments of the invention are illustrative ofthe invention. All of the embodiments of the invention speed up theauthentication time perceived by a user of the system. Some embodimentsrelate to directly operating a controlled access barrier. Otherembodiments of the invention implement an authentication process thatmay later be used to grant access to physical spaces or grant access tooperate various instrumentalities.

In the various embodiments of the invention, the RFID device maycommunicate using a protocol such as IEEE 802.15, known as Bluetooth.Persons of ordinary skill in the art will appreciate that the presentinvention is not limited to systems and methods that employ theBluetooth standard, but apply to systems and methods that employ anywireless communications protocol.

Referring first of all to FIG. 3, a diagram shows an illustrative system50 for operating a controlled access barrier separating a public areaidentified at reference numeral 12 from a controlled access areaidentified at reference numeral 14 at an access point in accordance withthe present invention method for decreasing perceived response time forRFID access. Numerous elements of the system 50 of FIG. 3 are similar toelements in the system 10 of FIG. 1 and will be identified using thesame reference numerals used to identify those elements in FIG. 1.

The controlled access area 14 may take many forms, such as, but notlimited to, transit systems, commercial buildings, stadiums and otherentertainment venues, government facilities, etc. An access barrier 16,such as a wall, a fence, or other barrier separates the public area 12from the controlled access area 14. FIG. 3 shows a plurality of accesspoints 18 a, 18 b, and 18 c, which, for purposes of illustration aredepicted as turnstiles. Persons of ordinary skill in the art willreadily appreciate that the access points 18 a, 18 b, and 18 c could bedoors, gates, or any other means for granting access to the controlledaccess area. Although FIG. 3 arbitrarily depicts a system forcontrolling three access points, such skilled persons will appreciatethat some applications will require but a single access point whileother applications will require the use of more than one access point.

A RFID reader 20 a is positioned proximate to access point 18 a.Similarly, RFID readers 20 b and 20 c are positioned proximate to accesspoints 18 b and 18 c, respectively. The RFID readers 20 a, 20 b, and 20c are coupled to a control system 22 by communication links collectivelyidentified by reference numeral 24. Persons of ordinary skill in the artwill appreciate that the communication links 24 could be hardwired orwireless communication links although hardwired communication links mayprovide an enhanced level of security over wireless communication links.

FIG. 3 depicts a RFID device 26 in dashed lines at locations identifiedin FIG. 3 by letters a, b, c, d, and e that are successively closer tothe access points 18 a, 18 b, and 18 c, and to access point 18 b inparticular. As will be appreciated by persons of ordinary skill in theart, the RFID device 26 may take numerous forms, a cellular telephonebeing a common such device. The RFID device 26 may be carried by aperson or may be, for example, attached to a vehicle.

Unlike the system 10 of FIG. 1, the system 50 of FIG. 3 incorporates twotrigger points to implement the authentication process. The first set oftrigger points are the RFID readers 20 a, 20 b, and 20 c that were shownin FIG. 1 and are positioned proximate to access points 18 a, 18 b and18 c, respectively. The second set of trigger points are identified atreference numerals 52 a, 52 b, and 52 c. The second set of triggerpoints 52 a, 52 b, and 52 c are positioned to trigger at a distanceidentified by reference numeral 54 further away from the access points18 a, 18 b, and 18 c than the RFID readers 20 a, 20 b, and 20 c that actas the first trigger points. The second set of trigger points 52 a, 52b, and 52 c may take any one or more of numerous forms, such as pressurepads, beam breaking systems, radar, sonar, or other object locatingtransducers or systems and communicate with the system controller 22over communication lines 56. While the particular embodiment shown inFIG. 3 has three first trigger points 52 a, 52 b, and 52 c, it is notimportant for the first trigger point to be unique to the individualaccess points. Because the controller knows who is authorized, otherembodiments are contemplated wherein the RFID device enters an area,such as but not limited to a room, the process starts with a dataexchange between the RFID device and an RFID reader not associated witha particular access point but located near an entrance to the area,e.g., a door. This data exchange could authenticate an FRID device forall or a subset of access points. A link is then established when theRFID device is at the distance close to one or more access points andthe controller authorizes access since the approval process has alreadybeen completed.

Activation of the second trigger causes a communication link to be madebetween the RFID device 26 and an RFID reader device associated with thefirst trigger distance. In some embodiments of the invention, the RFIDreader linked to the RFID device 26 at the first trigger distance may bethe same RFID reader 20 b located at the access point. In otherembodiments of the invention, the RFID reader linked to the RFID device26 at the first trigger distance may be an RFID reader different fromthe RFID reader 20 b located at the access point, for example, an RFIDreader co-located with the trigger points 52 a, 52 b, and 52 c.

Persons of ordinary skill in the art will appreciate that there are twoways to exchange data over a wireless link such as, but not limited to,bluetooth. Either the RFID device 26 searches for RFID readers 20 a, 20b, and 20 c associated with an access control system with which to pairor the or the RFID readers 20 a, 20 b, and 20 c associated with theaccess control system search for an RFID device 26 with which to pair.The difference between initiation of these two data exchanges is whetherthe RFID device 26 or the RFID readers 20 a, 20 b, and 20 c are visibleto the outside world. As an example, a bluetooth door lock availablefrom Kwikset runs in a “quiet mode” in which the RFID device 26 of auser searches for the RFID readers and initiates the data exchange onthe assumption that the lack of visibility of the RFID reader providesan enhanced level of security. Persons of ordinary skill in the art willappreciate that both methods of initiating a communication exchange areintended to fall within the scope of the present invention. Such skilledpersons will also appreciate that the data exchange includes data sentfrom the RFID device 26 to the RFID reader that identifies theindividual RFID device 26 so that it may be authenticated.

As shown in FIG. 3, when the RFID device 26 is located at position a,there is no communication link established between it and the RFIDcontrol system 22. When the RFID device 26 has proceeded to position b,it is at the first trigger point identified by dashed line 54 and acommunication link is established between it and the RFID control system22.

Once the communication link has been established, data identifying theRFID device 26 is received by the RFID reader 20 b during the dataexchange and is communicated to the control system 22. The controlsystem 22 performs an authentication routine that queries an access list32 to determine whether the RFID device is authorized to permit entryinto the controlled access area 14. Performance of authenticationroutines is well known in the art and the present invention is notlimited to use of any particular authentication process.

In accordance with one aspect of the present invention, the separationbetween the distance 54 from the access points 18 a, 18 b, and 18 c atwhich the second trigger points 52 a, 52 b, and 52 c are located and thedistance 32 at which the RFID readers acting as the first trigger points20 a, 20 b, and 20 c are located may be selected to approximate the timeinterval between the actual times 40 and 44 of FIG. 2 reflecting thespeed of approach of the RFID device 26. In this mariner, the time delayat the access points identified at reference numeral 46 in FIG. 2 causedby the authentication process being performed by the control system 22can be eliminated or at least minimized.

The difference in the time delay between the prior art system 10 of FIG.1 and the system 50 of the present invention may be seen with referenceto FIG. 4. The link is established at the first trigger point at a timeindicated at reference numeral 58 when the RFID device 26 (shown at thetop position) is at a distance b from the access point 18 b indicated atreference numeral 54. The control system 22 then begins theauthentication process. The time consumed by the authentication process(T_(auth)) is indicated at reference numeral 60, during which the RFIDdevice 26 continues to move towards the access point 18 b throughlocations b, and c as shown by the middle instance of the RFID device26. By the time the RFID device 26 is at the position e shown at thebottom of FIG. 4, at the second trigger distance indicated at dashedline 32 as sensed by the RFID reader 20 b at a time indicated asT_(travel) at reference numeral 64, the authorization process performedby the system controller 22 has preferably been completed or is close tocompletion. Upon completion of the authentication process, thecontroller 22 sends a control signal to the access point 18 b to enableentry through the access point 18 b. In the case shown in FIG. 4,T_(auth)<T_(trave)l and there is no delay between the time the RFIDdevice arrives at the second trigger distance 32 and the assertion ofthe control signal by the system controller 22 to the access point 18 bto enable entry through the access point 18 b. In some implementationsof the present invention, the time T_(auth) 60 may be longer than thetime T_(travel) 64 but in accordance with the present invention thedelay is much reduced compared to the delay encountered in operating theprior-art system 10 of FIG. 1.

In accordance with some embodiments of the present invention, acommunication link is not established between the RFID device 26 and theRFID readers 20 a and 20 c, located further away from the RFID device 26than RFID reader 20 b. In some embodiments, the controller can employtechniques such as RSSI methods using the relative signal strengths ofthe RFID signal sent by RFID device 26 to determine which one of accesspoints 18 a 18 b, and 18 c should be activated. Persons of ordinaryskill in the art will readily be able to configure systems for suchembodiments using, for example, the RSSI function in an IEEE 802.11system, to trigger the data exchange process at a predetermined signallevel and select or reject signals received from RFID devices dependingon the relative strengths of the signals as they approach multipleaccess points to authorize entry at the one of multiple access points atwhich the received signal is the strongest. This may be particularlyuseful in environments such as entry to public events where a highvolume of entry requests is likely to be encountered. In someembodiments of the invention, the second trigger point may includetapping a RFID device such as a cellular phone on a turnstile orperforming another motion of the RFID device that is recognized by thesystem. For example, the system may communicate with the RFID device toenable a touch screen button on the RFID device to control the mechanismthat unlocks the access point. Numerous such techniques as well as theirimplementations, are known in the art.

Referring now to FIG. 5, a diagram shows an illustrative system 70 foroperating an RFID system in accordance with the present inventionNumerous elements of the system 70 of FIG. 5 are similar to elements inthe system 50 of FIG. 3 and will be identified using the same referencenumerals used to identify those elements in FIG. 3.

FIG. 5 shows a plurality of RFID stations 72 a, 72 b, and 72 c. Personsof ordinary skill in the art will readily appreciate that the RFIDstations 72 a, 72 b, and 72 c could be information terminals, kiosks,pedestals, etc. Although FIG. 5 arbitrarily depicts a system forcontrolling three RFID stations 72 a, 72 b, and 72 c, such skilledpersons will appreciate that some applications will require but a singleRFID station while other applications will require the use of more thanone access point. A non-limiting example of an RFID station inaccordance with the present invention is a station that grants access tocertain floors in an elevator or bank of elevators based on the accessprivileges associated with a particular RFID device.

A RFID reader 20 a is positioned proximate to RFID station 72 a.Similarly, RFID readers 20 b and 20 c are positioned proximate to RFIDstations 72 b and 72 c, respectively. The RFID readers 20 a, 20 b, and20 c are coupled to a control system 22 by communication linkscollectively identified by reference numeral 24. Persons of ordinaryskill in the art will appreciate that, as in the embodiment of theinvention depicted in FIG. 3, the communication links 24 could behardwired or wireless communication links although hardwiredcommunication links may provide an enhanced level of security overwireless communication links. In the non-limiting elevator examplementioned above, the credentials of a person carrying an RFID device canbe verified prior to the person entering a selected elevator. At thetime the person enters the elevator, the buttons for one or moreparticular authorized floors have already been enabled.

FIG. 5 depicts a RFID device 26 in dashed lines at locations identifiedin FIG. 5 by letters a, b, c, d, and e that are successively closer tothe RFID stations, and to RFID station 72 b in particular. As will beappreciated by persons of ordinary skill in the art, the RFID device 26may take numerous forms, a cellular telephone being a common suchdevice. The RFID device 26 may be carried by a person or may be, forexample, attached to a vehicle.

Like the system 50 of FIG. 3, the system 70 of FIG. 5 incorporates twotrigger points to implement the authentication process. The first set oftrigger points are the RFID readers 20 a, 20 b, and 20 c that were shownin FIGS. 1 and 3 and are positioned proximate to RFID stations 72 a, 72b, and 72 c, respectively. The second set of trigger points areidentified at reference numerals 52 a, 52 b, and 52 c. The second set oftrigger points 52 a, 52 b, and 52 c are positioned to trigger at adistance identified by reference numeral 54 further away from the RFIDstations 72 a, 72 b, and 72 c than the RFID readers 20 a, 20 b, and 20 cthat act as the first trigger points. The second set of trigger points52 a, 52 b, and 52 c may take any one or more of numerous forms, such aspressure pads, beam breaking systems, radar, sonar, or other objectlocating transducers or systems and communicate with the systemcontroller 22 over communication lines 56. Activation of the secondtrigger causes a communication link to be established between the RFIDdevice 26 and an RFID reader device associated with the first triggerdistance. In some embodiments of the invention, the RFID reader linkedto the RFID device 26 at the first trigger distance may be the same RFIDreader 20 b located at the access point. In other embodiments of theinvention, the RFID reader linked to the RFID device 26 at the firsttrigger distance may be an RFID reader different from the RFID reader 20b located at the RFID station 72 b, for example, an RFID readerco-located with the trigger points 52 a, 52 b, and 52 c. While, as inthe embodiment illustrated in FIG. 3, the particular embodiment shown inFIG. 5 has three first trigger points 52 a, 52 b, and 52 c, it is notimportant for the first trigger point to be unique to the individualRFID stations 72 a, 72 b, and 72 c. Because the controller knows who isauthorized, other embodiments are contemplated wherein the RFID deviceenters an area, such as but not limited to a room, the process startswith a data exchange between the RFID device and an RFID reader notassociated with a particular RFID station but located near an entranceto the area, e.g., a door. This data exchange could authenticate an FRIDdevice for all or a subset of RFID stations or access points. A link isthen established when the RFID device is at the distance close to one ormore RFID stations and the controller authorizes access since theapproval process has already been completed.

As shown in FIG. 5, when the RFID device 26 is located at position a,there is no communication link established between it and the RFIDcontrol system 22. When the RFID device 26 has proceeded to position b,it is at the first trigger point identified by dashed line 54 and acommunication link is established between it and the RFID control system22.

Once the communication link has been established, data identifying theRFID device 26 is received by the RFID reader 20 b and is communicatedto the control system 22. The control system 22 performs anauthentication routine that queries an access list 32 to determinewhether the RFID device is known, and what privileges are associatedwith it. Performance of authentication routines is well known in the artand the present invention is not limited to use of any particularauthentication process.

In accordance with one aspect of the present invention, the separationbetween the distance 54 from the RFID stations 72 a, 72 b, and 72 c atwhich the second trigger points 52 a, 52 b, and 52 c are located and thedistance 32 at which the RFID readers acting as the first trigger points20 a, 20 b, and 20 c are located may be selected to approximate the timeinterval between the actual times 40 and 44 of FIG. 2 and FIG. 4reflecting the speed of approach of the RFID device 26. In this manner,the time delay at the RFID stations identified at reference numeral 46in FIG. 2 caused by the authentication process being performed by thecontrol system 22 can be eliminated or at least minimized.

In accordance with this aspect of the present invention, theauthentication and access process performed by the system is commencedat a predetermined signal level which then starts the authenticationprocess. The system and method uses a dual set of triggers (of whichRSSI can be one) wherein the first trigger starts the authenticationprocess and the second one activates the control systems. As anon-limiting example, the first trigger may be set to occur at adistance of about three feet and the second trigger may be set to occurat a distance of about six inches. The authentication process can becompleted or almost completed during the time it takes a person carryingor wearing the RFID device to travel the almost three feet. When thesecond trigger occurs, the control system can be triggered immediately.From the perspective of the user, the response time is minimal, but theauthentication time required is the same as in the prior-art systems.

Referring now to FIG. 6, a flow diagram shows an illustrative method 80for granting access to a controlled access area in accordance with oneaspect of the present invention. The method begins at reference numeral82.

At reference numeral 84, the system polls the RFID readers associatedwith the first trigger points. The method loops through this pollinguntil a first trigger is detected at a first trigger point. The firsttrigger could be the establishing of a communication link with anapproaching RFID device or another trigger as disclosed herein followedby establishing a communication link with the RFID device at the firsttrigger point. The method then proceeds to reference numeral 86 where acommunication link is established with the RFID device (if such a linkhas not already been established at reference numeral 84), data isexchanged with the RFID device and the authentication process isperformed.

At reference numeral 88 it is determined if the authentication processhas authenticated the detected RFID device. If the device has not beenauthenticated, access will not be granted and the method returns to theloop at reference numeral 82. If the device has been authenticated,access will be granted and the method proceeds to reference numeral 90,where the system polls the second trigger point for detection of theauthenticated RFID device at a predetermined distance range. As wasnoted with respect to the first trigger point, the second trigger pointcould itself be the establishment of a communication link with the RFIDdevice. When a communication link has been established with theauthenticated RFID device at reference numeral 92, the system enablesaccess to the controlled access area through the controlled accessbarrier by enabling passage through the controlled access barrier atreference numeral 94. The method returns to the loop at referencenumeral 84 to await detection of another user/RFID device at the firsttrigger point. Persons of ordinary skill in the art will appreciate thatthe establishment of the communication link with the RFID device atreference numerals 86 and 92 can be initiated either by the RFID deviceor by the system with which the RFID device is communicating.

Referring now to FIG. 7, a flow diagram shows an illustrative method 100for granting access to a controlled access area in accordance with oneaspect of the present invention. The method begins at reference numeral102.

At reference numeral 104, the system polls the RFID readers associatedwith the first trigger points. The method loops through this pollinguntil an RFID device is detected at the first trigger point at a signalstrength exceeding a first threshold. The first trigger could be theestablishing of a communication link with an approaching RFID device oranother trigger as disclosed herein followed by establishing acommunication link with the RFID device at the first trigger point. Themethod then proceeds to reference numeral 106 where a communication linkis established with the RFID device (if not already established atreference numeral 104), data is exchanged with the detected RFID deviceand the authentication process is performed.

At reference numeral 108 it is determined if the authentication processhas authenticated the detected RFID device. If the device has not beenauthenticated, access will not be granted and the method returns to theloop at reference numeral 102. If the device has been authenticated,access will be granted and the method proceeds to reference numeral 110,where the system polls the second trigger point for detection of theauthenticated RFID device at a predetermined distance range representedby, for example, a signal strength threshold. As was noted with respectto the first trigger point, the second trigger point could itself be theestablishment of a communication link with the RFID device. When acommunication link has been established with the authenticated RFIDdevice at reference numeral 112, the system enables access to thecontrolled access area through the controlled access barrier by enablingpassage through the controlled access barrier at reference numeral 114.The method returns to the loop at reference numeral 104 to awaitdetection of another user/RFID device at the first trigger point.

Referring now to FIG. 8, a flow diagram shows an illustrative method 120for granting access to a controlled access area through one of aplurality of controlled access points in accordance with one aspect ofthe present invention. The method begins at reference numeral 122.

At reference numeral 124, the system polls the first trigger points. Themethod loops through this polling until an event is detected at a firsttrigger point. At reference numeral 126, the system establishes acommunication link with the RFID device. Persons of ordinary skill inthe art will appreciate that the detected event could be theestablishment of a link with the RFID device. The method then proceedsto reference numeral 126 where data is exchanged with the RFID deviceover the communication link and the authentication process is performed.

A reference numeral 128 it is determined if the authentication processhas authenticated the detected RFID device. If the device has not beenauthenticated, access will not be granted and the method returns to theloop at reference numeral 124. If the device has been authenticated,access will be granted and the method proceeds to reference numeral 130,where the system polls for an event at the second trigger point. Theevent may be detection of the authenticated RFID device at apredetermined distance range.

At reference numeral 132 a communication link is established in responseto the second trigger event. When the authenticated RFID device has beendetected at the predetermined distance range, at reference numeral 134the system determines which one of the RFID detectors at the secondtrigger point near the controlled access points has detected the signalfrom the authorized RFID device at the highest signal strength,indicating that the particular controlled access point is the one beingapproached by the RFID device. At reference numeral 136, the systemenables access to the controlled access area through the selectedcontrolled access barrier by enabling passage through the selectedcontrolled access barrier. The method returns to the loop at referencenumeral 124 to await detection of another user/RFID device at the firsttrigger point.

Persons of ordinary skill in the art will appreciate that theestablishment of the communication link with the RFID device atreference numerals 126 and 130 can be initiated either by the RFIDdevice or by the system with which the RFID device is communicating.

Reference numerals 94, 114, and 136 in FIGS. 6, 7, and 8, respectively,recite enabling access as shown and described with reference to FIG. 3.Persons of ordinary skill in the art will appreciate that thesereference numerals also apply to the processes performed at RFIDstations 72 a, 72 b, and 72 c that do not themselves provide access tocontrolled spaces but authorize such access.

While embodiments and applications of this invention have been shown anddescribed, it would be apparent to those skilled in the art that manymore modifications than mentioned above are possible without departingfrom the inventive concepts herein. The invention, therefore, is not tobe restricted except in the spirit of the appended claims.

What is claimed is:
 1. A system for operating a radio frequencyidentification (RFID) system comprising: a remotely operable accesspoint at an authentication point; a first trigger sensor to initiate adata exchange with an RFID device associated with a user at a firsttrigger distance from the authentication point; a controller responsiveto a signal detected from the RFID device and determine whether the RFIDdevice is authorized; a second trigger sensor to initiate a dataexchange with the RFID device at a second trigger distance closer to theauthentication point than the first trigger distance; and the controllerbeing responsive to data received from the RFID device at the firsttrigger sensor to authenticate the RFID device at the authenticationpoint.
 2. The system of claim 1 wherein: the authentication point is aremotely operable access barrier at an access point; and the controllerbeing responsive to the RFID signal detected at the second triggersensor point to operate the remotely operable access barrier only if theuser has been authenticated.
 3. The system of claim 2 wherein theremotely operable access barrier is a turnstile.
 4. The system of claim2 wherein the remotely operable access barrier is a door.
 5. The systemof claim 2 wherein the remotely operable access barrier is an elevator.6. The system of claim 5 wherein the elevator is operated to grantaccess to a selected floor serviceable by the elevator.
 7. The system ofclaim 1 wherein: the authentication point is a kiosk; the systemcontrols the kiosk to direct a user of the RFID device to a selectedremotely operable access barrier at the access point; and the controllerbeing responsive to data exchanged with the RFID device at the selectedremotely operable access barrier at the access point to operate theselected remotely operable access barrier only if the user has beenauthenticated.
 8. The system of claim 1 wherein the controller isconfigured to initiate exchange of data with the RFID device.
 9. Thesystem of claim 1 wherein the controller is configured to exchange datawith the RFID device in response to communication of data from the RFIDdevice.
 10. A method for operating a controlled access barrier at anaccess point comprising: exchanging data with an RFID device associatedwith a user in response to a first trigger event; determining from theexchanged data whether to authenticate the user; exchanging data withthe RFID device in response to a second trigger event occurring afterthe first trigger event; and only if the user has been authenticated,operating the controlled access barrier to grant access to the user atthe access point after exchanging data with the RFID device in responseto the second trigger event.
 11. The method of claim 10 whereinoperating the controlled access barrier comprises releasing a latchmechanism in the controlled access barrier.
 12. The method of claim 10wherein operating the controlled access barrier comprises releasing alatch mechanism of a turnstile.
 13. The method of claim 10 whereinoperating the controlled access barrier comprises releasing a latchmechanism of a gate or door.
 14. The method of claim 10 wherein: thefirst trigger event is exchanging data with the RFID device at a firstreceived signal strength threshold; and the second trigger event isexchanging data with the RFID device at a second received signalstrength threshold greater than the first received signal strengththreshold.
 15. The method of claim 10 wherein: the device is worn by orcarried by the user; the first trigger event is exchanging data with theRFID device to detect presence of a user at a first distance from theaccess point; and the second trigger event is exchanging data with theRFID device to detect presence of the user at a second distance from theaccess point closer to the access point than the first distance.
 16. Themethod of claim 15 wherein detecting presence of the user is one ofdetecting at least one user action, interruption of a light beam,sensing pressure on a pressure pad on which the user has made contact,and detecting the presence of the user by one of transmission andreflection of energy from the user.
 17. The method of claim 10 wherein:exchanging data with the RFID device associated with a user in responseto the first trigger event is initiated by a request sent from the RFIDdevice; and exchanging data with the RFID device associated with a userin response to the second trigger event is initiated by a request sentfrom the RFID device.
 18. The method of claim 10 wherein: exchangingdata with the RFID device associated with a user in response to thefirst trigger event is initiated by a request sent to the RFID device;and exchanging data with the RFID device associated with a user inresponse to the second trigger event is initiated by a request sent tothe RFID device.
 19. A method for operating one of a plurality ofcontrolled access barriers at an access point comprising: exchangingdata with an RFID device associated with a user in response to a firsttrigger event; determining from the detected RFID signal whether toauthenticate the user; and detecting at least one of the controlledaccess barriers the RFID signal from the device in response to a secondtrigger event occurring after the first trigger event; and only if theuser has been authenticated, operating the one of the at least onecontrolled access barriers from which the detected RFID signal from thedevice is the strongest to grant access to the user at the access pointin response to the second trigger event.